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DETAILED ACTION 

1 . Claims 48-66 have been examined. 

Examiner's Statement of Reasons for Allowance 

2. Claims 46-66 allowed over prior art. 

The following is an examiner's statement of reasons for the indication of 
allowable claimed subject matter. 

Any comments considered necessary by applicant must be submitted no later than 
the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

As per claim 48 (an example of broader claim), none of the prior art of record, 
either taken by itself or in any combination, would have anticipated or made obvious the 
invention of the present application at or before the time it was filed. The subject matter 
regarded as allowable by the examiner is: . 

"during execution of the class constructor for the second class, attempting by the 

second 

class to verify a digital signature on the codebase for the first class; 

in response to a successful verification of the digital signature on the codebase for the 
first class, successfully completing the instantiation of the second class; 

in response to successfully completing the instantiation of the second class, 
determining by the first class a codebase for the second class; 
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in response to determining by the first class the codebase for the second class, 
attempting by the first class to verify a digital signature on the codebase for the second 
class; and 

in response to a successful verification of the digital signature on the codebase for 
the second class, performing the call from the instance of the first class to the instance of 
the second class." 

Claims 54 is an apparatus and claim 61 is a computer program product 
corresponding to claim 48. 

Claims 49-53,55-60,62-66 are also allowed by virtue of their dependencies. 

Conclusion 

3, Prior arts made of record, not relied upon: 

US 6,192, 476 is directed to a method and system for determining whether a 
principal (e.g. a thread) may access a particular resource. According to one aspect of the 
invention, the access authorization determination takes into account the sources of the 
code on the call stack of the principal at the time the access is desired. Because the source 
of the code on the call stack will vary over time, so will the access rights of the principal. 
Thus, when a request for an action is made by a thread, a determination is made of 
whether the action is authorized based on permissions associated with routines in a 
calling hierarchy associated with the thread. The determination of whether a request is 
authorized is based on a determination of whether at least one permission associated with 
each routine encompasses the permission required to perform the requested action. 
Support for "privileged" routines is also provided. When a routine in the calling hierarchy 
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is privileged, the determination of whether an action is authorized is made by determining 
whether at least one permission associated with each routine between and including the 
privileged routine and a second routine in the calling hierarchy encompasses the 
permission required to perform the requested action. 

US 6,226,746 discloses a system obtaining the security requirements for an 
action requested by a thread executing on a computer. The thread invokes a plurality of 
methods during its execution. The system includes a call stack and a determination unit. 
The call stack stores an identifier and security requirements for each of the methods in 
the order that the methods were invoked by the thread. The determination unit combines 
the method security requirements from the call stack to obtain the security requirements 
for the requested action, a class signature interface exposes members of an object class in 
an object oriented software system by exposing access information to the member. 

US 6, 157,960 is directed to an automatic object distribution which allows object 
oriented programs to be run as distributed programs without any explicit networking 
code, and without using an interface definition language (IDL). The invention allows 
programmers to experiment with different distributions without complicating the 
programming task. It accomplishes this by generating two proxies that allow method calls 
written for local invocation to be invoked over a network. These dynamically- generated 
proxies allow calls to flow across a network as if they were local. 

US 6,615,350 teaches an apparatus, system, and method to provide an initial and 
an on-going authentication mechanism with which two executable entities may 
unilaterally or bilaterally authenticate the identity, origin, and integrity of each other. In 
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one instance, the authentication mechanisms are implemented within a dynamically 
loaded, modular, cryptographic system. The initial authentication mechanism may 
include digitally signed challenge and possibly encrypted response constructs that are 
alternately passed between the authenticating and authenticated executable entities. A 
chain of certificates signed and verified with the use of asymmetric key pairs may also be 
part of the initial authentication mechanism. Representative asymmetric key pairs include 
a run-time key pair, a per-instance key pair, and a certifying authority master key pair. 
The on-going authentication mechanism may include nonce variable having a state 
associated therewith. The state may be both time and incidence varyin and may be 
combined in an obfuscating or encrypted manner into data passed between the executable 
entities. The initial and ongoing authentication mechanisms may have instances 
implemented without the use of export-regulated cryptography. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Taghi T. Arani whose telephone number is (571) 272- 
3787. The examiner can normally be reached on 8:00-5:30 Mon-Fri. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). ^ 
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